authorjsing <jsing@openbsd.org>2017-05-07 01:59:34 +0000
committerjsing <jsing@openbsd.org>2017-05-07 01:59:34 +0000
commitef1e76ea414ae26802ce3dd3706dc42a278cfb62 (patch)
treeb98c550f6c5c6a6101f1efcda7869da86f9a00d5
parentAdd a test that calls tls_handshake() on a connection that has already (diff)
Return an error if tls_handshake() is called on a TLS context that has
already completed a TLS handshake.
-rw-r--r--lib/libtls/tls.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index b639873df4a..7906788b083 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.62 2017/05/06 20:59:28 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.63 2017/05/07 01:59:34 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -627,6 +627,11 @@ tls_handshake(struct tls *ctx)
goto out;
}
+ if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+ tls_set_errorx(ctx, "handshake already completed");
+ goto out;
+ }
+
if ((ctx->flags & TLS_CLIENT) != 0)
rv = tls_handshake_client(ctx);
else if ((ctx->flags & TLS_SERVER_CONN) != 0)
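Review bot: The new `TLS_HANDSHAKE_COMPLETE` guard in tls_handshake() carries no comment saying why a second handshake is refused, and the value returned on this path is whatever `rv` holds at `out:`, which lies outside the hunk (the function begins and ends beyond it). I would add `/* Refuse to re-run the handshake on an established session; rv keeps its failure value. */` above the check, assuming `rv` is initialised to the failure code as the preceding `goto out` suggests. Because the only signal is the error string set by `tls_set_errorx()`, a caller cannot distinguish this API misuse from a genuine handshake failure programmatically, so the libtls manual should state that calling tls_handshake() after completion is now an error.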